How to protect yourself against common payment and credit card scams

Most of us have received that random email from from overseas royalty, promising us a large inheritance. All we need to do is simply send through our bank account details. Our better judgement tells us to avoid these obvious scams. But there are many more out there aren’t as obvious and can catch us unaware. 

As Australians continue to heavily rely on the internet and digital services in both their personal and professional lives, the importance of security and keeping important information confidential is becoming increasingly challenging. 

With a huge online presence, scammers are extremely knowledgeable with sophisticated software as well as being notoriously persistent in retrieving data.  

The Australian Competition & Consumer Commission (ACCC) recently reported $211 million dollars lost in scams so far in 2021. This is an 89% increase from the $175.6 million loss reported for 2020. 

As scams become a growing concern for consumers and business owners alike, it’s crucial to stay vigilant. Knowledge as they often say, is power. It’s important to know what to look out for when it comes to protecting your business. 

We share our list of most common scams that impact businesses.  

False Billing 

It’s not uncommon for businesses to receive fake invoices, letters or invitations to be part of shams or bogus advertising directory listings. In 2020, over $13 million was lost from false billings  alone.  

Such unauthorised documents are sent to the administrator or front office manager who may be unsure whether such services have been performed for the business.  

Aside from email, scammers will also make random phone calls. In their persistence, they will confirm a booking or advertising renewal or insist that certain goods or services had been ordered. 

Scam phone calls can sometimes lead to intimidation and threats to take legal action if you refuse to pay. 

In such cases, stay assertive. Hang up the call immediately. If unsure of its legitimacy, search and contact the organisation that the caller claimed they represented. If necessary, report the scam.  

It’s also important as a business owner to educate their employees so they can easily identify scams and also know who to ask if they are unsure. 

Phishing and Whaling 

By definition, phishing is when a scammer contacts you, claiming they’re from a legitimate business, such as a bank, internet provider, freight company or telephone company and asking for you to provide or confirm personal details. This contact can come in the form of email, text, phone call or through social media. 

To make their communication appear authentic, they will often use a similar format or copy a company logo or brand.  

Their messages may ask you to fill out a survey with personal information. They may try and notify you of “unusual overseas purchasing activity” but need confirmation of your bank account or credit card details. 

One of the easiest ways to identify a phishing email is by looking at the domain the email has come from. Often it has a misspelt brand name or comes from a generic email address. A generic greeting such as “Dear Valued Customer” or “Sir/Maam”and a lack of contact information in the signature block are also strong indicators of a phishing email. An organisation you have a relationship will always address you by name and provide their contact information. 

Whaling scams are more planned and intentional as they set out to target specific businesses using their detailed information and background. In some instances, in an attempt to capture confidential information for fraudulent purposes, scammers may send direct emails to senior staff members or C-Suite executives. 

Remember that providing sensitive information such as credit card details over the phone or on email will allow scammers to carry out fraudulent activity or theft identity and even steal your money. 

No matter how convincing the other person is on the phone or how authentic the email appears, never give out personal details. 

Malware and Ransomware 

Scammers are becoming more and more sophisticated in how they capture your confidential details from the internet. Malware and ransomware help them achieve this. 

Scams are often sent via email or messages with an attractive offer or topical news update compelling recipients to open or click on an attached link, website or document. 

The attachment itself will actually be a form of malware. Successful malware scams will install software to your computer or laptop, allowing scammers to access all your files or even watch you through your computer.  

Like phishing and whaling scams, scammers will then use the retrieved credit card details from your computer for fraudulent purposes. 

Ransomware also captures confidential information through the internet. If the recipient clicks on the software, it will block or limit the user’s access to their own computer. Scammers will demand a ransom. They will demand a form of payment, or your credit card details to “unlock” the computer. Unfortunately, there is no guarantee to retrieve your data or computer, even if the ransom is paid. 

To avoid malware or ransomware attacks, never open attachments from contacts you don’t know. Scammers can be clever and make it look like they are sending you an invoice from a company you deal with. in this case, the best protection is malware prevention and protection software (eg. McAfee or Norton).  

Overpayment Scams 

Online businesses are a frequent target for scammers. They will make an overpayment for a purchase, often an amount far greater than the agreed selling price.  

The scammer will then later contact the seller, using a fake excuse as to why they made an overpayment. They might tell you that they miscalculated the goods and services tax or say that it was just a simple mistake of adding one to many zeros in the paying amount. 

Scammers may claim they have made payment but use fake payment receipts as their proof. Alternatively, they made payment with a stolen credit card. They will then tell you that payment will be paused until they receive the excess amount.  

The scammer may either ask you to refund them the access amount through a third party such as an online banking transfer or preloaded funds card.  

The best way to protect your business is to never agree to send money to a customer that isn’t the original source of payment. If you use an eCommerce platform such as WooCommerce or Shopify you should only ever refund back to the original source and never agree to transfer via Internet Banking instead. Make sure you state this in the terms and conditions in your website so you can always reference this when if this is ever requested by a customer (..or more likely a scammer). 

Investment scams 

Quick, high return with little risk! Sounds too good to be true? It probably is. In fact, you may have found yourself as a target of an investment scam. 

With cryptocurrencies becoming increasingly popular, so too are the scams that encourage you to take part in the trading and investing in them. 

Scammers will often advertise through social media, offering to either trade on your behalf or direct you to a website or app where you will enter your details to start making investments. These so-called trading platforms and websites will then send you fake data updating you on the progress of your “profits”    

Scammers will make it difficult for you to withdraw money. It may also be a case where you will suddenly find the website or platform is closed or shut down.  

Other investment scams can also come from unsolicited contacts who claim to be stockbrokers or financial portfolio managers. They will offer investment opportunities that sound legitimate, use professional looking websites and even lie about their credentials. 

Always do your research. Check with government regulators if your contact is licensed. Also, speak to an independent financial advisor who can give you an objective and professional opinion. 

Most of all, do not commit to anything on the phone or on email. Investment scammers are extremely persistent and may be keen to keep contacting you until you invest. 

Stay Vigilant and Aware  

Scams often arrive in your email inbox or via text as well as through phone calls. Whatever internet channels you use. They will also be unexpected, trying to catch you unaware.  

If you’re in doubt, there’s a possibly good reason for it. If the offer sounds amazing and too good to be true, it most likely is! Showing the slightest hint of interest only makes scammers more persistent so it’s important to stay assertive. Try to cease communication as soon as possible. 

Immediately seek professional advice, whether that is your financial advisor, accountant or even lawyer. If necessary, report the scam to the appropriate government authorities and regulators. 

Scams gain success through people’s vulnerabilities and lack of awareness. Also new scams are consistently devised, making it harder to recognise what is legitimate and what isn’t. By reporting your incidences may help other businesses understand how to continue to better protect themselves. 


Protect your business with B2BPay 

With so many different types of scams and the increasing complexity of how scammers lure businesses and capture confidential data through the internet, it’s crucial to safeguard your business and its payment processing system. 

B2Bpay is a secure online payment portal for businesses to pay bills with existing credit cards, debit cards or bank accounts. B2Bpay is the ideal cloud-based payment processing system that:  

  • Doesn’t collect or store full card numbers. 
  • Uses card tokenisation for maximum security. 
  • Is Level 1 PCI DSS (Payment Card Industry Data Security Standards) compliant. 
  • Uses SSL (Secure Sockets Layer – https) for secure encryption between our server and your browser 
  • Utilises merchant facilities provided by ANZ. 
  • Is data encrypted. 
  • Is 100% Australian owned and operated. 
  • Is built on a robust .net platform. 
  • Is hosted by Microsoft in its Sydney and Melbourne state of the art data centres.


B2BPay also offers a solid solution for receiving payments. As a B2Bpay Biller, invoices can be directly sent to customers. All credit card details are protected, using tokenisationgiving you the confidence that your customers payment data is secure.  

B2Bpay: Keeping cybersecurity top priority for your business 

B2Bpay’s maximum security features will prevent and protect your business from the dangers and threats of online scams. 

Whether you’re making payments or receiving them, you will have peace of mindthat credit card details and other important data doesn’t get lost or stolen, protecting the details of every single transaction. 

Stay vigilant and keep scammers away from your business and customers.  

Sign up for B2Bpay today. It’s FREE. 

Have questions or need further information? Contact our locally based Customer Support team on 1300 625 647 


And our team will be in touch to get you started!


And our team will be in touch to get you started!

Register Now

Start accepting card payments online

Let’s get you started below.

  1. Fill in the form & we will get back to you requesting some more details and your logo
  2. We will then set up your payment portal and help you get a link on your invoices to start receiving payments

Start receiving payments on auto-pilot.

1. Simply enter your details below.

2. We will be in touch to get you started receiving card payments through B2Bpay shortly.

* Mandatory Fields

Start making and receiving payments.

1. Simply enter your details below.

2. We will be in touch to get your started making and receiving card payments through B2Bpay shortly.

* Mandatory Fields

Start accepting card payments directly from your Invoices.

It’s simple.

1. Fill in the form below & we will get back to you requesting some more details and your logo

2. We will then set up your account and payment page.

3. Finally we will help you get a ‘pay now’ link on your invoices that will direct to your payment page.

* Mandatory Fields